﻿// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.

using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;

namespace Idp {
    public static class Config {
        public static IEnumerable<IdentityResource> IdentityResources =>
            new IdentityResource[] {
                new IdentityResources.OpenId (),
                new IdentityResources.Profile (),
                new IdentityResources.Address (),
                new IdentityResources.Phone (),
                new IdentityResources.Email ()
            };

        public static IEnumerable<ApiScope> ApiScopes =>
            new ApiScope[] {
                new ApiScope ("scope1"),
                new ApiScope ("scope2"),
                new ApiScope ("api1"),
                new ApiScope ("api2"),
            };

        public static IEnumerable<Client> Clients =>
            new Client[] {
                // m2m client credentials flow client
                new Client {
                ClientId = "m2m.client",
                ClientName = "Client Credentials Client",

                AllowedGrantTypes = GrantTypes.ClientCredentials,
                ClientSecrets = { new Secret ("511536EF-F270-4058-80CA-1C89C192F69A".Sha256 ()) },

                AllowedScopes = { "scope1", "api1", }
                // AllowedScopes = { "scope1", "api1", IdentityServerConstants.StandardScopes.OpenId }
                // AllowedScopes = { "api1" }
                },

                // WPF  client , password grant
                new Client {
                ClientId = "WPF Client",
                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                ClientSecrets = {
                new Secret ("WPF Secrect".Sha256 ())
                },
                AllowedScopes = {
                "api1",
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                IdentityServerConstants.StandardScopes.Address,
                IdentityServerConstants.StandardScopes.Phone,
                IdentityServerConstants.StandardScopes.Email,
                }
                },

                // MVC  client , Authorization Code
                new Client {
                ClientId = "mvc client",
                AllowedGrantTypes = GrantTypes.CodeAndClientCredentials,
                // 允许两种授权方式
                ClientSecrets = {
                new Secret ("mvc secrect".Sha256 ())
                },

                // where to redirect to after login
                RedirectUris = { "http://localhost:5002/signin-oidc" },

                // where to redirect to after logout
                PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },

                FrontChannelLogoutUri = "http://localhost:5002/signout-oidc",

                AlwaysIncludeUserClaimsInIdToken = false,

                AllowOfflineAccess = true, // offline_access -> 离线访问 -> 是否使用 Refresh Token

                AllowedScopes = {
                "api1",
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                },
                }

                // interactive client using code flow + pkce
                // new Client
                // {
                //     ClientId = "interactive",
                //     ClientSecrets = { new Secret("49C1A7E1-0C79-4A89-A3D6-A37998FB86B0".Sha256()) },

                //     AllowedGrantTypes = GrantTypes.Code,

                //     RedirectUris = { "https://localhost:44300/signin-oidc" },
                //     FrontChannelLogoutUri = "https://localhost:44300/signout-oidc",
                //     PostLogoutRedirectUris = { "https://localhost:44300/signout-callback-oidc" },

                //     AllowOfflineAccess = true,
                //     AllowedScopes = { "openid", "profile", "scope2" }
                // },
            };
    }
}